ext_258478 ([identity profile] hudebnik.livejournal.com) wrote in [personal profile] hudebnik 2014-04-14 01:39 pm (UTC)

Fair cop

True: it would have been possible to produce this bug in other languages. But it would have been harder: you would have had to actively choose to dump from a specified memory position forward for a specified length rather than doing the easy thing, sending out a copy of the received string. C makes it easy to get at the raw machine when you need to -- but it also makes it easy to get at the raw machine when you DON'T need to.

And yes, the right answer in ANY language is good code review, careful documentation of assumptions, and testing what happens when those assumptions are violated.

There are languages (e.g. Haskell) that get nearly the performance of C without losing soundness, because the compiler does a lot of theorem-proving about what can and can't be true at various points in the code. Of course, that technology didn't exist forty years ago....
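As an added example (not part of the comment above), here is a C handler for a simple length-prefixed echo request that treats the declared length as an assumption to be checked against the bytes actually received, rather than trusted; the request format, buffer sizes and function names are assumed for illustration.

```c
/* Added example: a length-prefixed echo handler that validates the
 * client's declared payload length before copying anything. The request
 * format (2-byte big-endian length, then payload) is constructed for
 * this illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_PAYLOAD 64

/* Echo the payload into out. Returns the number of bytes echoed, or -1
 * when the request is malformed: too short to hold a length field, a
 * declared length larger than what was actually received, or a
 * declared length larger than the output buffer. */
int handle_echo(const uint8_t *req, size_t req_len, uint8_t *out, size_t out_cap)
{
    if (req_len < 2) return -1;                        /* no length field */
    size_t declared = ((size_t)req[0] << 8) | req[1];
    if (declared > req_len - 2) return -1;             /* lying length: reject */
    if (declared > out_cap) return -1;                 /* would overflow out */
    memcpy(out, req + 2, declared);                    /* copy only received bytes */
    return (int)declared;
}

/* Constructed honest request: declares 5 bytes and carries 5 bytes. */
int demo_honest(void)
{
    uint8_t out[MAX_PAYLOAD];
    const uint8_t req[] = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    return handle_echo(req, sizeof req, out, sizeof out);  /* returns 5 */
}

/* Constructed malformed request: declares 64 bytes but carries only 5,
 * i.e. the assumption "declared length == received length" is violated. */
int demo_lying(void)
{
    uint8_t out[MAX_PAYLOAD];
    const uint8_t req[] = {0x00, 0x40, 'h', 'e', 'l', 'l', 'o'};
    return handle_echo(req, sizeof req, out, sizeof out);  /* returns -1 */
}

int main(void)
{
    printf("honest request: %d\n", demo_honest());
    printf("lying request:  %d\n", demo_lying());
    return 0;
}
```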
